Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

A Layered Software Architecture for the Management of a Manufacturing Company

In this paper we describe a layered software architecture in the management of a manufactur-ing company that intensively uses computer technology. Application tools, new and legacy, after the updating, operate in a context of an open web oriented architecture. The software architecture enables the integration and interoperability among all tools that support business processes. Manufacturing Executive System and Text Mining tools are excellent interfaces, the former both for internal production and management processes and the latter for external processes coming from the market. In this way, it is possible to implement, a computer integrated factory, flexible and agile, that immediately responds to customer requirements.ICT, Service Oriented Architecture, Web Services, Computer-Integrated Factory, Application Software

The industrial internet of things (IIoT) : an analysis framework

Historically, Industrial Automation and Control Systems (IACS) were largely isolated from conventional digital networks such as enterprise ICT environments. Where connectivity was required, a zoned architecture was adopted, with firewalls and/or demilitarized zones used to protect the core control system components. The adoption and deployment of ‘Internet of Things’ (IoT) technologies is leading to architectural changes to IACS, including greater connectivity to industrial systems. This paper reviews what is meant by Industrial IoT (IIoT) and relationships to concepts such as cyber-physical systems and Industry 4.0. The paper develops a definition of IIoT and analyses related partial IoT taxonomies. It develops an analysis framework for IIoT that can be used to enumerate and characterise IIoT devices when studying system architectures and analysing security threats and vulnerabilities. The paper concludes by identifying some gaps in the literature

Real-time monitoring as a supplementary security component of vigilantism in modern network environments

© 2020, The Author(s). The phenomenon of network vigilantism is autonomously attributed to how anomalies and obscure activities from adversaries can be tracked in real-time. Needless to say, in today’s dynamic, virtualized, and complex network environments, it has become undeniably necessary for network administrators, analysts as well as engineers to practice network vigilantism, on traffic as well as other network events in real-time. The reason is to understand the exact security posture of an organization’s network environment at any given time. This is driven by the fact that modern network environments do, not only present new opportunities to organizations but also a different set of new and complex cybersecurity challenges that need to be resolved daily. The growing size, scope, complexity, and volume of networked devices in our modern network environments also makes it hard even for the most experienced network administrators to independently provide the breadth and depth of knowledge needed to oversee or diagnose complex network problems. Besides, with the growing number of Cyber Security Threats (CSTs) in the world today, many organisations have been forced to change the way they plan, develop and implement cybersecurity strategies as a way to reinforce their ability to respond to cybersecurity incidents. This paper, therefore, examines the relevance of Real-Time Monitoring (RTM) as a supplementary security component of vigilantism in modern network environments, more especially for proper planning, preparedness, and mitigation in case of a cybersecurity incident. Additionally, this paper also investigates some of the key issues and challenges surrounding the implementation of RTM for security vigilantism in our modern network environments

Anomaly Detection and Encrypted Programming Forensics for Automation Controllers

Securing the critical infrastructure of the United States is of utmost importance in ensuring the security of the nation. To secure this complex system a structured approach such as the NIST Cybersecurity framework is used, but systems are only as secure as the sum of their parts. Understanding the capabilities of the individual devices, developing tools to help detect misoperations, and providing forensic evidence for incidence response are all essential to mitigating risk. This thesis examines the SEL-3505 RTAC to demonstrate the importance of existing security capabilities as well as creating new processes and tools to support the NIST Framework. The research examines the potential pitfalls of having small-form factor devices in poorly secured and geographically disparate locations. Additionally, the research builds a data-collection framework to provide a proof of concept anomaly detection system for detecting network intrusions by recognizing the change in task time distribution. Statistical tests distinguish between normal and anomalous behaviour. The high true positive rates and low false positive rates show the merit of such an anomaly detection system. Finally, the work presents a network forensic process for recreating control logic from encrypted programming traffic

A Survey on Industrial Control System Testbeds and Datasets for Security Research

The increasing digitization and interconnection of legacy Industrial Control Systems (ICSs) open new vulnerability surfaces, exposing such systems to malicious attackers. Furthermore, since ICSs are often employed in critical infrastructures (e.g., nuclear plants) and manufacturing companies (e.g., chemical industries), attacks can lead to devastating physical damages. In dealing with this security requirement, the research community focuses on developing new security mechanisms such as Intrusion Detection Systems (IDSs), facilitated by leveraging modern machine learning techniques. However, these algorithms require a testing platform and a considerable amount of data to be trained and tested accurately. To satisfy this prerequisite, Academia, Industry, and Government are increasingly proposing testbed (i.e., scaled-down versions of ICSs or simulations) to test the performances of the IDSs. Furthermore, to enable researchers to cross-validate security systems (e.g., security-by-design concepts or anomaly detectors), several datasets have been collected from testbeds and shared with the community. In this paper, we provide a deep and comprehensive overview of ICSs, presenting the architecture design, the employed devices, and the security protocols implemented. We then collect, compare, and describe testbeds and datasets in the literature, highlighting key challenges and design guidelines to keep in mind in the design phases. Furthermore, we enrich our work by reporting the best performing IDS algorithms tested on every dataset to create a baseline in state of the art for this field. Finally, driven by knowledge accumulated during this survey's development, we report advice and good practices on the development, the choice, and the utilization of testbeds, datasets, and IDSs

A Review of Testbeds on SCADA Systems with Malware Analysis

Supervisory control and data acquisition (SCADA) systems are among the major types of Industrial Control Systems (ICS) and are responsible for monitoring and controlling essential infrastructures such as power generation, water treatment, and transportation. Very common and with high added-value, these systems have malware as one of their main threats, and due to their characteristics, it is practically impossible to test the security of a system without compromising it, requiring simulated test platforms to verify their cyber resilience. This review will discuss the most recent studies on ICS testbeds with a focus on cybersecurity and malware impact analysis

LAYING THE FOUNDATION FOR A MINIATUAIRZED SCADA TESTBED TO BE BUILT AT CSUSB

This culminating experience sought to lay the foundation for a miniaturized physical SCADA testbed to be built at California State University San Bernardino to enable students to apply the cybersecurity knowledge, skills and abilities in a fun and engaging environment while learning about what SCADA is, how it works, and how to improve the security of it. This project was conducted in response to a growing trend of cybersecurity attacks that have targeted our critical infrastructure systems through SCADA systems which are legacy systems that manage critical infrastructure systems within the past 10 years. Since SCADA systems require constant availability, it makes it hard to test the security of these devices which is why testbeds have been designed to analyze how a cyber-attack affects these systems in a safe environment. To build a SCADA testbed at CSUSB this project designed a requirements documentation based on the following questions so that the next person that wants to accomplish this task can take the requirements outlined and build a miniaturized physical SCADA testbed. To craft the appropriate requirements documentation this project aimed to answer the following questions: Q1. How can a miniaturized SCADA testbed be built for a school environment using open-source architecture? Q2. What critical infrastructure sectors can be easily implemented into a physical SCADA testbed? Q3. Which cyber-attacks can be easily replicable in a SCADA scenario-based environment? Q4. How should SCADA scenarios be modeled for an implementation into this testbed? To answer these questions, research was conducted utilizing scholarly articles on currently available SCADA testbeds, conducted interviews with individuals that have built SCADA testbeds, and distributed a survey to different SCADA professionals to build a requirement documentation for the miniaturized SCADA testbed, which included functional and nonfunctional requirements, use case diagrams and detailed use cases. After gathering the data from 3 different interviews with SCADA professionals and aggregating responses of the surveys we crafted a requirements documentation which includes a requirements documentation, detailed use cases, use case diagrams, and a classes and relationship chart so that the next individual who works on this project can use these ideas and begin construction of a miniaturized SCADA testbed at CSUSB